A Second Massive LinkedIn Breach Exposes the Data of 700M Users
Last April, we brought you the news that hackers had scraped data from 500 million LinkedIn accounts. At the time, the culprits were allegedly selling the information on a hacker forum, and had posted two million of the profiles as proof that they had the illegal data. The hack made headlines around the world.
Now, it seems the platform has been hacked again, this time compromising the data of 700 million users, which is more than 92% of the total 756 million LinkedIn users. The exposed records include but are not limited to full names, genders, personal and professional backgrounds, phone numbers, physical addresses, and geolocation data.
RestorePrivacy was the first to spot the hack on the dark web and proceeded to check the available data for authenticity. The hacker posted a sample of 1 million records to entice buyers.
"Based on our analysis and cross-checking data from the sample with other publicly available information, it appears all data is authentic and tied to real users. Additionally, the data does appear to be up to date, with samples from 2020 to 2021," wrote RestorePrivacy in a blog concerning the hack.
"While we did not find login credentials or financial data in the samples we examined, there is still a treasure trove of information for bad actors to exploit for financial gain."
RestorePrivacy also reported that the hacker claimed to have gotten the data by exploiting the LinkedIn API. Luckily, no passwords were included, but that does not mean nefarious actors can't use the available data to cause real harm through identity theft, phishing attempts, social engineering attacks, and hacked accounts.
LinkedIn released the following statement on the matter: "Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update."
LinkedIn further added that it would work to stop the hackers and hold them accountable. However, we still can't help but wonder what LinkedIn considers private data.